I'm surmising from this that the header is not faked, and somehow my host accepted this mail in order that it relay the mail.

Yes. There's no way for a spammer to fake your Received header. That mail was handed to your machine from 211.158.162.250, which looks like a PC in Chongqing, China.

The only hosts allowed to relay to this host are in the 192.168.*.* range, and it obviously didn't come from them.

Any clues? My only guess is that someone got in through a pop account, but there's nothing in the logs for POP, I had logging on "problems", just switched it to "low-level".

If you have SMTP AUTH or POP-before-SMTP enabled, it is likely that this is the result of the spammer guessing the password of some account and using that to open up relay access. Unfortunately, the most commonly guessed passwords are those of common accounts, e.g. 'postmaster' for a SIMS system.

Without deep logging, it is impossible to know for sure why SIMS let that mail through. I always recommend setting logging for every piece other than the HTTP module in SIMS to "All" but I'm a log fetishist. Having full logs is only problematic if you are short on disk space and/or lack good tools for examining them, two problems that are readily fixed. Lacking full logs means you lack necessary data to be able to figure out unexpected events, and that missing information is gone for good.